-
Notifications
You must be signed in to change notification settings - Fork 39
/
enforcer_operable.go
48 lines (41 loc) · 1.13 KB
/
enforcer_operable.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package intercept
import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/sets"
)
func init() {
// Emit, transfer and record.
//
// Only consider operable types.
//
for _, gvk := range []schema.GroupVersionKind{
// Select pod directly.
corev1.SchemeGroupVersion.WithKind("Pod"),
} {
opEnforcer.gvks.Insert(gvk)
gvr, _ := meta.UnsafeGuessKindToResource(gvk)
opEnforcer.gvrs.Insert(gvr)
}
}
// Operable returns Enforcer to detect if the given Kubernetes GVK/GVR is operable enforcer.
func Operable() Enforcer {
// Singleton pattern.
return opEnforcer
}
// operableEnforcer implements Enforcer.
type operableEnforcer struct {
gvks sets.Set[schema.GroupVersionKind]
gvrs sets.Set[schema.GroupVersionResource]
}
func (e operableEnforcer) AllowGVK(gvk schema.GroupVersionKind) bool {
return e.gvks.Has(gvk)
}
func (e operableEnforcer) AllowGVR(gvr schema.GroupVersionResource) bool {
return e.gvrs.Has(gvr)
}
var opEnforcer = operableEnforcer{
gvks: sets.Set[schema.GroupVersionKind]{},
gvrs: sets.Set[schema.GroupVersionResource]{},
}